CVE-2021-36807

HIGH

Sophos Unified Threat Management Up2Date < 9.708 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Description

An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0021
EPSS Percentile 42.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
sophos/unified_threat_management_up2date < 9.708
Published Nov 26, 2021
Tracked Since Feb 18, 2026